List:       vol-dev
Subject:    [Vol-dev] Breakpoints On Instruction calls
From:       nirizr () gmail ! com (nir izraeli)
Date:       2013-05-31 7:38:46
Message-ID: CAKnf69MZGGS-5Bb0symdEeE=vKscA5f4HL-Abd2Hi-uihKW_LQ () mail ! gmail ! com

AFAIK you can't rely on VMware to sync files with live memory.
It uses them mostly to save states when the machine is suspended.
You could suspend, modify, resume, but it'll be a slow process.


On Fri, May 31, 2013 at 10:30 PM, Tamas Lengyel
<tamas.k.lengyel@gmail.com> wrote:

> Not sure about VMware but you can do both with Xen and LibVMI (
> https://code.google.com/p/vmitools/).
>
> Tamas
>
>
> On Fri, May 31, 2013 at 5:22 PM, A B <amitrajitb@gmail.com> wrote:
>
>> All,
>>
>> This is my first post in this forum, and I am also very new to this
>> website, so please excuse my ignorance.
>>
>> This is a fantastic project no doubt.
>>
>>
>> Now, coming to my questions:
>>
>> 1. Is it possible to run volatility on a running 'live' VM's memory? That
>> is, assuming that I have VMware Workstation running, can I use the live
>> vmem file as input and get reliable outputs?
>>
>> 2. If one is possible, then is it possible to generate a breakpoint or
>> get a callback when a particular memory location is hit? I ask this
>> because, assuming that an executable is loaded in certain pages inside the
>> vmem, and I want to get notified when a particular function of that loaded
>> executable is called, this would mean that when the virtual CPU executes the
>> first instruction of that function I need a callback, is that possible?
>>
>> thanks in advance...
>>
>> --
>>
>> - ab
>>
>> _______________________________________________
>> Vol-dev mailing list
>> Vol-dev@volatilesystems.com
>> http://lists.volatilesystems.com/mailman/listinfo/vol-dev
>>
>>